help-gnutls

[Help-gnutls] Re: gnutls_x509_crt_set_version documentation suggestion


From: Simon Josefsson
Subject: [Help-gnutls] Re: gnutls_x509_crt_set_version documentation suggestion
Date: Thu, 15 Mar 2007 12:29:58 +0100
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.94 (gnu/linux)

Florian Weimer <address@hidden> writes:

> It might be a good idea to add the following information to the
> documentation for gnutls_x509_crt_set_version:
>
>   To create well-formed certificates, you must specify version 3 if
>   you use any certificate extensions.  Extensions are created by
>   functions such as gnutls_x509_crt_set_subject_alternative_name or
>   gnutls_x509_crt_set_key_usage.

Added.

> (I don't know if GNUTLS supports the v2 extensions.)

I'm not familiar with v2 certificates... It might be possible to
create them using the GnuTLS APIs.

> GNUTLS doesn't check if a v1 certificate contains any extensions, but
> other X.509 implementations do.

I've added checking this to the TODO list:

- Chain verifications.
...
  - Reject extensions in v1 certificates.

/Simon



